I want to create an applet or EEM script that puts hosts in the proper VLAN based on their MAC address/OUI. I've read through "https://supportforums.cisco.com/document/100791/automatically-set-port-descriptions" and "https://supportforums.cisco.com/discussion/11385521/eem-32-mac-address-prefix-switch-port-config-examples" which are extremely helpful.
The big questions are:
1: How would I exclude trunk interfaces from the EEM event?
2: Is it possible to read the MAC addresses/OUIs and corresponding VLAN IDs from a CSV table rather than configuring each of them as an environment variable?
1. You'll need to add code to parse the output of "show int switchport" to see if the port is a trunk.
action 1.0 cli command "show int $_mat_intf_name switchport | inc Operational Mode:"
action 2.0 regexp "trunk" "$_cli_result"
action 3.0 if $_regexp_result eq "1"
action 4.0  exit
action 5.0 end
2. No, this is not possible on the event spec line. You could build a regexp for all OUIs, and then extract a matching VLAN from a file. You could read the file, and then extract the VLAN portion if the OUI matches the OUI portion.
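The file lookup suggested in point 2, as an added example that is not part of the original thread and not Cisco's code: plain Tcl procs that reduce a learned MAC to its OUI and look up the VLAN, rejecting malformed rows before anything reaches the CLI. The `OUI,VLAN` file layout, the proc names and the sample values are assumptions.

```tcl
# Added example, not code from the thread. Avoids Tcl 8.4+ features
# (dict, eq/ne) because the on-box interpreter version is an assumption.
# Assumed file layout, one mapping per line: OUI,VLAN   e.g. 0004.f2,110

# Reduce any common MAC/OUI notation to its first six hex digits, lower case.
proc oui_of {mac} {
    regsub -all {[^0-9A-Fa-f]} $mac "" hex
    if {[string length $hex] < 6} { return "" }
    return [string tolower [string range $hex 0 5]]
}

# Load CSV text into array mapName (OUI -> VLAN); return number of rows kept.
proc load_oui_map {csv_text mapName} {
    upvar 1 $mapName map
    set kept 0
    foreach line [split $csv_text "\n"] {
        set line [string trim $line]
        if {[string length $line] == 0 || [string match "#*" $line]} { continue }
        set fields [split $line ","]
        if {[llength $fields] < 2} { continue }
        set oui  [oui_of [lindex $fields 0]]
        set vlan [string trim [lindex $fields 1]]
        # Only VLAN IDs 1-4094 pass, so a malformed row never reaches the CLI.
        if {[string length $oui] == 0 || ![string is integer -strict $vlan]} { continue }
        if {$vlan < 1 || $vlan > 4094} { continue }
        set map($oui) $vlan
        incr kept
    }
    return $kept
}

# Return the VLAN for a learned MAC, or "" when its OUI is not listed.
proc vlan_for_mac {mapName mac} {
    upvar 1 $mapName map
    set oui [oui_of $mac]
    if {[string length $oui] > 0 && [info exists map($oui)]} { return $map($oui) }
    return ""
}

# Constructed sample data; in a policy this text would come from [read $fd].
set sample_csv "# oui,vlan\n0004.f2,110\n00:1B:54,120\nbadrow\n0050.56,9999\n"
load_oui_map $sample_csv ouimap
foreach mac {0004.f2aa.bbcc 001b.5401.0203 0050.5611.2233 aabb.ccdd.eeff} {
    set vlan [vlan_for_mac ouimap $mac]
    if {[string length $vlan] == 0} { set vlan "no match" }
    puts "$mac -> $vlan"
}
```

The rows `badrow` and `0050.56,9999` are dropped on load, so only the first two sample MACs resolve to a VLAN.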
I just want to make sure that I understand this correctly. If I use the MAT event and parse the interface every time a new MAC is learned, would that use a lot of processing resources on the switch, depending on the amount of MAC addresses learned on the trunk? Would that put the switch at risk of running out of resources and crashing?
It could, yes. But there's no other way to reliably filter trunk ports. You could design an interface regexp to match ports that you know to only be access, but that would require you to know operational state up front for each switch.
No, the event detector does not support this. While you could react to an interface coming up and install a mat policy, I feel the timing would make this too difficult.
What you could do is have a "scheduler" policy that periodically runs and checks all interface operational states. If they are access it installs a policy for that interface. If it turns to trunk, it removes the policy. The downside of this is that you will have one policy for every access port.